Lucene search

4739 matches found

Malwarebytes
added 2018/05/28 8:26 p.m. | 62 views

A week in security (May 21 – May 27)

Last week we told you about a Mac cryptominer using XMRig, an overview of Dreamcast related scams, part 1 of decoding Emotet, and what to do about bad coding habits that die hard. We also published the results of our second CrackMe contest. Other news How a pioneer of machine learning became one ...

0.9 AI score
Exploits: 0
CNVD
added 2018/05/18 12:0 a.m. | 1 view

MiniUPnP ngiflib 'DecodeGifImg' Function Denial of Service Vulnerability

MiniUPnP is a set of UPnP tools developed by MiniUPnP project that can be used in embedded systems. This tool enables devices in home and corporate networks to connect to each other. ngiflib is one of the GIF image format decoding libraries written in C language. A security vulnerability exists i...

8.8 CVSS | 8.6 AI score | 0.00568 EPSS
Exploits: 1 | References: 1
UbuntuCve
added 2018/05/04 9:29 p.m. | 24 views

CVE-2018-9154

There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745...

7.5 CVSS | 6.8 AI score | 0.00546 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2018/05/02 12:0 a.m. | 70 views

EulerOS 2.0 SP2 : php (EulerOS-SA-2018-1097)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing a...

9.8 CVSS | 7.6 AI score | 0.83066 EPSS
Exploits: 4 | References: 4
Tenable Nessus
added 2018/05/02 12:0 a.m. | 276 views

EulerOS 2.0 SP1 : php (EulerOS-SA-2018-1096)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing a...

9.8 CVSS | 7.6 AI score | 0.83066 EPSS
Exploits: 4 | References: 4
Kitploit
added 2018/04/11 1:9 p.m. | 26 views

Mercury - A Hacking Tool Used To Collect Information And Use The Information To Further Hurt The Target

Mercury is a hacking tool used to collect information and use the information to further hurt the target. Installation Requires Python2 Linux apt-get install python2 git clone https://www.github.com/MetaChar/Mercury pip install -r requirements.txt Features BruteForce Mercury uses Selenium to...

7.1 AI score
Exploits: 0 | References: 1
AlpineLinux
added 2018/03/30 8:0 a.m. | 31 views

CVE-2018-9133

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file...

6.5 CVSS | 7.5 AI score | 0.00265 EPSS
Exploits: 1
FireEye
added 2018/03/23 11:0 a.m. | 519 views

SANNY Malware Delivery Method Updated in Recently Observed Attacks

Introduction In the third week of March 2018, through FireEye’s Dynamic Threat Intelligence, FireEye discovered malicious macro-based Microsoft Word documents distributing SANNY malware to multiple governments worldwide. Each malicious document lure was crafted in regard to relevant regional...

7.9 AI score
Exploits: 0
Zero Day Initiative
added 2018/03/23 12:0 a.m. | 38 views

(Pwn2Own) Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libvorbis...

6.8 CVSS | 3.5 AI score | 0.55641 EPSS
Exploits: 0 | References: 1
Prion
added 2018/03/19 1:29 p.m. | 14 views

Directory traversal

The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...

5 CVSS | 7.1 AI score | 0.00979 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2018/03/19 1:29 p.m. | 10 views

CVE-2014-3626

The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...

7.5 CVSS | 7.6 AI score | 0.00979 EPSS
Exploits: 0 | References: 1
CVE
added 2018/03/19 1:0 p.m. | 37 views

CVE-2014-3626

The CVE-2014-3626 vulnerability affects the Grails Resource Plugin (pre-1.2.13). A directory-traversal protection bug caused the plugin to return the decoded URI after the traversal check instead of the normalized URI, enabling a double-decoding issue. The fixed behavior repeatedly decodes the UR...

7.5 CVSS | 7.5 AI score | 0.00979 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2018/03/19 1:0 p.m. | 9 views

CVE-2014-3626

The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...

7.6 AI score | 0.00979 EPSS
Exploits: 0 | References: 1
Mageia
added 2018/03/19 12:13 p.m. | 55 views

Updated libvorbis packages fix security vulnerability

libvorbis can write out of bounds on codebook decoding when processing malformed Vorbis audio data (CVE-2018-5146)...

8.8 CVSS | 2.5 AI score | 0.55641 EPSS
Exploits: 0 | References: 3
UbuntuCve
added 2018/03/12 12:0 a.m. | 26 views

CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash...

6.5 CVSS | 6.8 AI score | 0.00156 EPSS
Exploits: 0 | References: 2
OSV
added 2018/03/12 12:0 a.m. | 0 views

UBUNTU-CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash...

6.5 CVSS | 6.8 AI score | 0.00156 EPSS
Exploits: 0 | References: 3
OSV
added 2018/03/09 8:29 p.m. | 23 views

CVE-2016-9591

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer...

5.5 CVSS | 6.5 AI score
Exploits: 0 | References: 5
Fedora
added 2018/03/06 5:35 p.m. | 15 views

[SECURITY] Fedora 27 Update: sharutils-4.15.2-8.fc27

The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through e-mail (which can be problematic for regular binary files). The shar...

0.1 AI score
Exploits: 0
CVE
added 2018/03/05 6:0 p.m. | 50 views

CVE-2017-18215

The CVE-2017-18215 entry concerns the image tool xv, version 3.10a. Affected component: xvpng.c in xv 3.10a. Root cause: memory corruption (out-of-bounds write) when decoding PNG comment fields due to an incorrect length value. Impact: potential crashes or code execution as stated in the sources....

9.8 CVSS | 9.6 AI score | 0.01094 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2018/02/28 7:29 a.m. | 2 views

DEBIAN-CVE-2018-7557

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data...

6.5 CVSS | 6.8 AI score | 0.00398 EPSS
Exploits: 0 | References: 1